Hi,
From the unveil manpage:
The first call to unveil() removes visibility of the entire filesystem
from all other filesystem-related system calls (such as open(2), chmod(2)
and rename(2)), except for the specified path and permissions.
Can the first call also be the last? I have a test program called unveiltest.c
and it does the following:
----paste---->
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>

int
main(void)
{
	int fd;

#ifdef UNVEIL_MOTD
	/* Expose only /etc/motd, read-only. */
	if (unveil("/etc/motd", "r") < 0)
		perror("unveil");
#endif
	/* Lock the unveil state: no further unveil() calls are allowed. */
	if (unveil(NULL, NULL) < 0)
		perror("unveil");

	/* Keep opening /etc/motd so the process can be inspected with ps. */
	for (;;) {
		if ((fd = open("/etc/motd", O_RDONLY, 0)) < 0)
			perror("open");
		else
			close(fd);
		sleep(1);
	}
}
<------
When I run it without UNVEIL_MOTD, meaning my first (and last) unveil was
NULL, NULL, it doesn't deny /etc/motd reads.
beta$ cc -g -o unveiltest unveiltest.c
beta$ ./unveiltest
^C
beta$ ps ax | grep unveiltest
21482 pg S+ 0:00.10 ./unveiltest
98206 ph R+/3 0:00.00 grep unveiltest
And when I recompile with UNVEIL_MOTD, same behaviour:
beta$ cc -g -DUNVEIL_MOTD -o unveiltest unveiltest.c
beta$ ./unveiltest
^C
except there is a difference in the ps listing:
beta$ ps ax | grep unveiltest
40907 pg S+U 0:00.01 ./unveiltest
40013 ph R+/2 0:00.00 grep unveiltest
Am I interpreting the unveil manpage wrong, or is it written wrong? I did have
a first call to unveil in the first example, only it's NULL, NULL, me telling
the system I don't want anything opened at all. Is there any way to do that?
Or is that pledge()'s job?
Another weird one I have is that I call unveil() on a path but chroot() later,
then call unveil(NULL, NULL), and the ps flags don't show the U flag. Is
the unveil lost because of the chroot()?
Best regards,
-peter